Remove TLS certificate management from this policy.
I am deferring the management of TLS certificates to wrapper
cookbooks. This closes #247.
John Bellone committed Mar 7, 2016
1 parent 6ae5f01 commit 630f05e
Showing 4 changed files with 0 additions and 192 deletions.
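--- a/libraries/consul_config.rb
+++ b/libraries/consul_config.rb
@@ -108,50 +108,6 @@ def tls?
 
 action(:create) do
 notifying_block do
-if new_resource.tls?
-include_recipe 'chef-vault::default'
-
-[new_resource.ca_file, new_resource.cert_file, new_resource.key_file].each do |filename|
-directory ::File.dirname(filename) do
-recursive true
-if node['os'].eql? 'linux'
-owner new_resource.owner
-group new_resource.group
-mode '0755'
-end
-end
-end
-
-item = chef_vault_item(new_resource.bag_name, new_resource.bag_item)
-file new_resource.ca_file do
-content item['ca_certificate']
-if node['os'].eql? 'linux'
-owner new_resource.owner
-group new_resource.group
-mode '0644'
-end
-end
-
-file new_resource.cert_file do
-content item['certificate']
-if node['os'].eql? 'linux'
-owner new_resource.owner
-group new_resource.group
-mode '0644'
-end
-end
-
-file new_resource.key_file do
-sensitive true
-content item['private_key']
-if node['os'].eql? 'linux'
-owner new_resource.owner
-group new_resource.group
-mode '0640'
-end
-end
-end
-
 directory ::File.dirname(new_resource.path) do
 recursive true
 if node['os'].eql? 'linux'
@@ -175,16 +131,6 @@ def tls?
 
 action(:delete) do
 notifying_block do
-if new_resource.tls?
-file new_resource.cert_file do
-action :delete
-end
-
-file new_resource.key_file do
-action :delete
-end
-end
-
 file new_resource.path do
 action :delete
 end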
30 changes: 0 additions & 30 deletions test/integration/acl/serverspec/localhost/default_spec.rb

This file was deleted.

63 changes: 0 additions & 63 deletions test/integration/default/serverspec/localhost/default_spec.rb

This file was deleted.

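--- a/test/spec/libraries/consul_config_spec.rb
+++ b/test/spec/libraries/consul_config_spec.rb
@@ -8,7 +8,6 @@
 before do
 recipe = double('Chef::Recipe')
 allow_any_instance_of(Chef::RunContext).to receive(:include_recipe).and_return([recipe])
-allow_any_instance_of(Chef::Provider).to receive(:chef_vault_item) { { 'ca_certificate' => 'foo', 'certificate' => 'bar', 'private_key' => 'baz' } }
 end
 
 context 'sets options directly' do
@@ -29,50 +28,6 @@
 EOH
 end
 
-context 'manages certificates' do
-recipe do
-consul_config '/etc/consul/default.json' do
-key_file '/etc/consul/ssl/private/consul.key'
-ca_file '/etc/consul/ssl/CA/ca.crt'
-cert_file '/etc/consul/ssl/certs/consul.crt'
-verify_incoming true
-verify_outgoing true
-end
-end
-
-it { is_expected.to create_directory('/etc/consul/ssl/CA') }
-it { is_expected.to create_directory('/etc/consul/ssl/certs') }
-it { is_expected.to create_directory('/etc/consul/ssl/private') }
-
-it do
-is_expected.to create_file('/etc/consul/ssl/CA/ca.crt')
-.with(content: 'foo')
-.with(owner: 'consul')
-.with(group: 'consul')
-.with(mode: '0644')
-end
-
-it do
-is_expected.to create_file('/etc/consul/ssl/certs/consul.crt')
-.with(content: 'bar')
-.with(owner: 'consul')
-.with(group: 'consul')
-.with(mode: '0644')
-end
-
-it do
-is_expected.to create_file('/etc/consul/ssl/private/consul.key')
-.with(content: 'baz')
-.with(sensitive: true)
-.with(owner: 'consul')
-.with(group: 'consul')
-.with(mode: '0640')
-end
-
-it { is_expected.to create_directory('/etc/consul') }
-it { is_expected.to create_file('/etc/consul/default.json') }
-end
-
 context 'deletes configuration' do
 recipe do
 consul_config '/etc/consul/default.json' do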
